
IBM Software Scrutinizes Simultaneous Security Analysis

IBM has this week released the latest iteration of its application security analysis software, intended to help teams design, build, and manage secure applications, with a consolidated vulnerability analysis and reporting function.

Within the IBM Rational AppScan portfolio, the company positions the combined threat, vulnerability and security analysis tooling as a way for developers to assess security exposure at every stage of the software development lifecycle rather than only at deployment. The product is also positioned as reducing risk and the cost of meeting compliance requirements.

Among the new features, IBM Research says it has brought string analysis into the product. String analysis is a static-analysis technique that reasons about the values string variables can take at runtime; here it is used to determine automatically which inputs to a web application must be sanitized before they reach a sensitive operation, and to verify that the sanitization applied actually removes the risk. IBM says this improves the accuracy and efficiency of security testing by developers, regardless of their security expertise.
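The core idea can be shown with a toy taint analysis over a tiny straight-line program. The following is an added example written for this article, not IBM Rational AppScan code; the statement forms, the sink names and the sanitizer names (`html_escape`, `sql_param`, `shell_quote`) are assumptions made for the illustration. It tracks, per variable, which user-controlled inputs can flow into it and which sanitizers they passed through, and flags any sink that receives an input without a sanitizer suitable for that sink.

```python
"""Toy taint analysis in the spirit of the string analysis described above.

Constructed illustration, not IBM Rational AppScan code.  It models a tiny
straight-line intermediate form with five statement kinds and asks, for each
sensitive sink, whether the value flowing into it came from user input
without passing through a sanitizer appropriate for that sink.
"""
from dataclasses import dataclass

# Which sanitizers make a value acceptable for which sink.  The names are
# assumptions for this example; a real tool learns or is configured with
# the framework's actual escaping and parameterization routines.
SINK_REQUIRES = {
    "html_output": {"html_escape"},
    "sql_query": {"sql_param"},
    "shell_exec": {"shell_quote"},
}


@dataclass(frozen=True)
class Taint:
    """One user-controlled origin of a value, with the sanitizers applied en route."""
    source: str
    sanitized_for: frozenset


def analyze(program):
    """Walk the statements once, tracking the set of Taint facts per variable.

    Statement forms (constructed IR):
      ("const", var, literal)           var holds a program constant
      ("source", var, origin)           var holds user input from `origin`
      ("sanitize", var, src, sanitizer) var = sanitizer(src)
      ("concat", var, a, b)             var = a + b
      ("sink", sink_name, var)          var reaches a sensitive operation
    Returns a list of (sink, var, origin, required_sanitizers) findings.
    """
    env = {}          # variable -> set of Taint facts; empty set means untainted
    findings = []
    for stmt in program:
        kind = stmt[0]
        if kind == "const":
            env[stmt[1]] = set()
        elif kind == "source":
            env[stmt[1]] = {Taint(stmt[2], frozenset())}
        elif kind == "sanitize":
            _, dst, src, sanitizer = stmt
            # The sanitizer is recorded per origin, so a value that was escaped
            # for HTML is still unsafe for SQL.
            env[dst] = {Taint(t.source, t.sanitized_for | {sanitizer})
                        for t in env.get(src, set())}
        elif kind == "concat":
            _, dst, a, b = stmt
            # Concatenation carries every origin of either operand.
            env[dst] = env.get(a, set()) | env.get(b, set())
        elif kind == "sink":
            _, sink, var = stmt
            required = SINK_REQUIRES[sink]
            for t in env.get(var, set()):
                if not (required & t.sanitized_for):
                    findings.append((sink, var, t.source, sorted(required)))
        else:
            raise ValueError(f"unknown statement kind {kind!r}")
    return findings


def inputs_needing_sanitization(program):
    """The origins that reach some sink unsanitized: what a developer must cleanse."""
    return sorted({origin for _, _, origin, _ in analyze(program)})


# Constructed sample program: a greeting page and a user lookup.
PROGRAM = [
    ("source", "name", "request.GET['name']"),
    ("source", "uid", "request.GET['id']"),
    ("sanitize", "safe_name", "name", "html_escape"),
    ("const", "greeting", "<p>Hello, "),
    ("concat", "page", "greeting", "safe_name"),
    ("sink", "html_output", "page"),                # escaped for HTML: no finding
    ("const", "q", "SELECT * FROM users WHERE id = "),
    ("concat", "query", "q", "uid"),
    ("sink", "sql_query", "query"),                 # raw input into SQL: finding
    ("sink", "sql_query", "safe_name"),             # HTML-escaped is not SQL-safe: finding
]

if __name__ == "__main__":
    for sink, var, origin, required in analyze(PROGRAM):
        print(f"{sink}: {var} carries {origin} without any of {required}")
    print("inputs needing sanitization:", inputs_needing_sanitization(PROGRAM))
```

The second SQL finding is the point: the same variable is safe for one sink and unsafe for another, which is why a useful analysis must track which sanitizer was applied, not merely whether one was. Real string analysis goes further and reasons about the actual strings a sanitizer can produce, which is how it can judge whether a custom sanitizer is adequate rather than trusting its name.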

IBM Rational AppScan already combines automated application security audits with source code scanning to determine whether network and web-based applications are secure and compliant. The new release adds hybrid analysis, which automatically correlates results from static analysis of the source code with results from dynamic analysis of the running application. A finding that the dynamic scanner can trigger and that static analysis can trace to a line of source is both confirmed and actionable, so the aim is better vulnerability identification and faster remediation when the tool is used across the development process.
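What correlation buys in practice is triage: the same finding reported from both sides means something different from a finding reported by only one. The following is an added example written for this article, not IBM Rational AppScan code or its report formats; the finding fields, the vulnerability class names and the rule that a static finding and a dynamic finding match when they agree on URL path, parameter and vulnerability class are all assumptions made for the illustration.

```python
"""Correlating static and dynamic findings, as a constructed illustration of the
hybrid analysis idea described above (not IBM Rational AppScan code or its data
formats).  Static findings carry a source location plus the route and parameter
the tainted input enters through; dynamic findings carry the URL and parameter
the scanner attacked.  Matching on (path, parameter, vulnerability class) gives
three buckets with different meanings for triage.
"""
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class StaticFinding:
    file: str
    line: int
    route: str      # URL path the handler is mounted on (assumed known to the scanner)
    param: str      # request parameter that reaches the sink
    vuln: str       # normalized class: "xss", "sqli", "path_traversal", ...


@dataclass(frozen=True)
class DynamicFinding:
    url: str        # URL the scanner attacked, query string included
    param: str
    vuln: str
    payload: str    # the attack string that produced evidence


def static_key(f):
    return (f.route, f.param, f.vuln)


def dynamic_key(f):
    # Drop scheme, host and query string: the handler is identified by path alone.
    return (urlsplit(f.url).path, f.param, f.vuln)


def correlate(static, dynamic):
    """Return (confirmed, static_only, dynamic_only), each sorted deterministically.

    confirmed:    same key in both sets: reachable from the network and located in code
    static_only:  code path exists but the scanner never triggered it (unreachable,
                  mitigated elsewhere, a false positive, or simply uncrawled)
    dynamic_only: exploitable in the running app but not in the scanned source
                  (third-party component, generated code, or code outside the scan)
    """
    s_index, d_index = {}, {}
    for f in static:
        s_index.setdefault(static_key(f), []).append(f)
    for f in dynamic:
        d_index.setdefault(dynamic_key(f), []).append(f)
    both = sorted(s_index.keys() & d_index.keys())
    confirmed = [(k, s_index[k], d_index[k]) for k in both]
    static_only = [f for k in sorted(s_index.keys() - d_index.keys()) for f in s_index[k]]
    dynamic_only = [f for k in sorted(d_index.keys() - s_index.keys()) for f in d_index[k]]
    return confirmed, static_only, dynamic_only


# Constructed sample results from the two analyses of one application.
STATIC = [
    StaticFinding("app/search.py", 42, "/search", "q", "xss"),
    StaticFinding("app/users.py", 17, "/users", "id", "sqli"),
    StaticFinding("app/admin.py", 88, "/admin/export", "format", "path_traversal"),
]
DYNAMIC = [
    DynamicFinding("https://app.example.test/search?q=%3Cscript%3E", "q", "xss",
                   "<script>alert(1)</script>"),
    DynamicFinding("https://app.example.test/users?id=1", "id", "sqli", "1' OR '1'='1"),
    DynamicFinding("https://app.example.test/legacy/report?name=x", "name", "xss",
                   "<img src=x onerror=alert(1)>"),
]

if __name__ == "__main__":
    confirmed, static_only, dynamic_only = correlate(STATIC, DYNAMIC)
    for key, s, d in confirmed:
        print("CONFIRMED", key, "at", f"{s[0].file}:{s[0].line}", "payload:", d[0].payload)
    for f in static_only:
        print("REVIEW   ", static_key(f), "at", f"{f.file}:{f.line}")
    for f in dynamic_only:
        print("LOCATE   ", dynamic_key(f), "no matching source finding")
```

The caveat a practitioner will want: a static-only finding is not proof of a false positive (the scanner may simply not have reached that route), and a dynamic-only finding is the more alarming bucket, because it is demonstrably exploitable yet nothing in the scanned source accounts for it, which usually points at code the static scan never saw.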

As cited in IBM's 2010 mid-year X-Force Trend Report, 55 percent of all vulnerabilities disclosed in the first half of 2010 were in web applications, making them the largest single source of risk for organizations. The same research indicates that vulnerability disclosures rose 36 percent in the first half of 2010 compared with the same period a year earlier, with more than 4,000 new vulnerabilities documented.

"As vulnerabilities become more prevalent, testing across the entire development lifecycle without having to invest in additional development resources and skills is significant for the bottom line," said Steve Robinson, GM for IBM Security Solutions. "Through the ongoing value brought by the acquisitions of Ounce Labs and Watchfire Corp., combined with our R&D expertise, we can now provide more comprehensive security governance, collaboration and risk management solutions that further protect organizations from malicious attacks."
